Re: security tools with email notification

From: dewt (dewt@kc.rr.com)
Date: 12/01/01


From: dewt <dewt@kc.rr.com>
To: John Christopher <john_christopher1997@yahoo.com>, security-basics@securityfocus.com
Date: Fri, 30 Nov 2001 17:17:38 -0600

On Thursday 29 November 2001 12:31 pm, John Christopher wrote:
> Hi -
>
> Many security tools (logcheck, for example)
> provide a facility for sending warnings, etc.
> to an email address.
>
> 1. Can anyone see any security problems with
> sending such info to a yahoo.com email address
> (in other words, how secure is yahoo mail)?
yes, you can expose usernames, and under some things even passwords in
plaintext sent over the internet should anyone compromise yahoo's mail system
or get your password, however encrypting it should offfer you plenty of
protection
> 2. Is it possible for an attacker to intercept
> email messages sent from a host he has targeted?
yes, but it would generally involve compromising systems somewhere between
that host and the yahoo mail servers for an outside attacker. it would be
relatively simple for someone inside to do it in most cases though
> 3. Should such emails be encrypted before being
> sent?
definitely
> Thanks -
> JC



Relevant Pages

  • Re: security tools with email notification
    ... security tools with email notification ... person who compromised a host can of course look at the outgoing ... yahoo, and you can encrypt it, if you feel like it - that depends on the ...
    (Security-Basics)
  • RE: security tools with email notification
    ... security tools with email notification ... I wouldn't trust yahoo mail for security, ... I guess it depends on his positioning between yourself and yahoo, if he can sniff traffic traversing the network you ...
    (Security-Basics)